The "Bring Your Own Devices" trend has a dual-personality problem on its hands.
How can corporate data and personal data exist on a single smartphone? Companies don't want their deep secrets to get out, while employees don't want to be told how to use their precious mobile gadgets that they bought with their own money.
It's a problem that has stumped the BYOD crowd. "Companies don't trust that information is contained properly" on a BYOD smartphone, says Nanci Churchill, vice president of operations at Mobi Wireless Management, a software and services provider helping companies navigate mobile adoption.
Help, though, may be on the way.
Splitting the Phone Virtually
New solutions are bubbling up from mobile software vendors. For starters, there's the idea of a smartphone with a virtual software partition, which essentially splits the phone to create dual personalities for business and personal purposes. The business side can be remotely wiped if the phone is lost or stolen or the employee leaves the company. BlackBerry Balance does this on BlackBerrys. VMware and Verizon teamed up to create a virtual workspace on certain Android smartphones.
Mobile device management vendors such as AirWatch are also finding ways to separate personal and business data. Rather than remotely and fully wiping a compromised BYOD smartphone, MDMs can choose to selectively wipe only business apps.
In some cases, you can wipe business data.
Apple's native apps such as Calendar and Contacts let you tag data as personal or business. With native email, the iPhone can have separate accounts for personal email and work email. This allows MDMs to wipe only the business data (or email account) within the app itself. It should be noted that most third-party apps on the App Store don't separate data, which means MDMs must wipe the entire business app.
The Thin Line Between Business and Personal Data
You'd think with so many options, the problem of duality would be solved-but it's not. Many of Mobi's customers, as well as a large AirWatch customer, continue to fully wipe compromised BYOD smartphones, even though Mobi and AirWatch generally advise companies to embrace selective wiping.
Truth is, business data can skirt the virtual partition to the personal side of the phone or a personal cloud storage account, such as Dropbox or iCloud.
One company, for instance, said it would only access business content on a BYOD smartphone. It defined business content as email and business-related documents. Photos were excluded under the assumption that they were personal in nature.
"They came to find out that there were a lot of photographs of white boards. People had taken pictures of white boards that contained all kinds of business information," Matt Karlyn, a lawyer and partner in the technology transactions practice group at Boston law firm Cooley LLP, told me. "You can't make assumptions about what's business and what's personal."
Sign up for CIO Asia eNewsletters.